Entries from June 2007 ↓

Abstract

The Hindu proxy is a mecanish for tunneling connections over networks which have gone thru a certified stupid security (CSS) clearance which esencially blocks the normal networking tools, like ssh, telnet, http, et all.

1. Overview of operations

When a capable human being needs to access a resource block by a policy implemented by the CSS, he/she needs to connect to a hindu proxy in order to accomplish a task, such as running cat on a file.
The luser connect to any chat service which is pre-connected to the hindu proxy, and sends a hi request.
The hindu proxy replies with a random phrase which normally means hi.
The luser being should write a request for the server with the server, protocol, user and pass, which must be pass in clear text.
The process above needs to be repeated until the luser receives a valid ack.
The luser should send a series of shell commands which must be sequential and can’t be chained together, to which he must be sure won’t fail to be parsed by whatever shell environment the hindu proxy connected to, ways to determine the actual shell are left to the implementer and will vary from vendor to vendor.
The hindu proxy will have a buffer of 1 command which may not be longer than the current lenght of his chat window, overflows will be ignored or interpret as carriage returns.
The hindu proxy will copy&paste the request from the chat into the shell, the actual method is implementation dependant, as well as the handling of errors and overflows.
The hindu proxy will wait a random ammount of time for a response from the real server, after which it will send the response “it’s not working”
If the above timeout is never reach the hindu proxy will utilize the above copy@paste rutine to send the results back to the luser
2. Error handling
All errors reported by the server may or may not be proxied back to the luser
All errors reported by the hundi proxy may or may not be proxied back to the luser
All errors reported by the IM system may or may not be proxied back to the luser

3. The copy&paste protocol
The hindu proxy may implement several ways of transfering data, the recommended implementation is to relay the operation to the underliying operating system, although must implementations today utilze the “read,switchwindow,type” protocol

4. Security considerations
This protocol is vulnerable to the following:
- someone reading you IM window
- someone reading the hindu’s IM window
- the hindu leaving his workstation unlock
- anyone with access to the hindu workstation as the log files have read access to everyone by default
- Any sniffing software
In case you didn’t notice that was a joke, as per warchief request there is an editable version here

There are time when being ovidient bytes you in the ass.

For example the shell and rm, yes you know where I’m going. It turns out that the following command inside a makefile @rm -rf $(PREFIX)/bin/deluge does something really extrange. And yes it’s all my fault because I force it twice.

For some reason the r flag went to $(PREFIX)/bin and deleted everything, which I’m stil confused as to why.

ohh yes and $(PREFIX) was set to /usr, lovely isn’t it?

any ideas of how can I restore those files? I assume if I get the basic binaries for installing .deb it will show me the broken packages (read: all packages) then I could reinstall them all?

update:  So I got a liveCD and reinstalled my / keeping intact the home, this is one of the things I love about unix, even my windows positions where intact all I had to do was use the same username.

I have finally configure the trac instance at maetico.

Basically I’m planning to upload there all the programs that may be useful for someone, and keep is as a bug tracker.

I also plan to get some config files up which may be a nice inspiration, specially some like vimrc and bashrc.

Currently the trac is very open as anon you can create or edit most content, and I plan to leave it like that unless the spammers kill me. On the other hand if you are interested I have install the user management plugin so you can register your user.

Currently the trac has two projects.

with and wallpaper thingy

The other day Ricardo came up with an idea which I found great, so we went and implement it. Since then it has grown a nice set of features and I think it’s ready to test the world (well it was a week ago but I haven’t had the time to make the post).

In general the idea is to reduce the ammount of typing you do in the CLI.

I wrote a nice “extensive” readme file, which also showed me the very cool mime type “text/x-trac-wiki” so the link before is directly into SVN with trac wiki syntax formatting, sweet!

Since it’s a one file program there is no need for a installer, so just download it from here. If you are lazy enough the Makefile has a install target, and in case you where wondering the build.xml is just a sample. Although I could make it install the python code just for fun (evil laugh).

Last but not least I finally got my trac up (I’ll add another post for that) but if you find a bug please submit the patch here

Enjoy!

I had to do this today and I found a nice little utility to help out. So I’ll share it here.

first the config in your home dir there should be a .ssh dir and a file which stored your saved passphrases, in there create a file call config so you will have (~/.ssh/config) overthere you should add some directives, the format of the file is simple first a Host directive then a set of directives that apply to that host, then the next host.

Second you need a nice little utility call “connect-proxy” you can get it here. Or use your favorite package manager

sudo apt-get install connect-proxy

then just add the following to ~/ssh/config

# file://~/.ssh/config
# not using proxy on lan
Host 192.*
ProxyCommand connect-proxy %h %p
# mandatory to access the internet
Host *
ProxyCommand connect-proxy -H <yourProxy:post> %h %p

that means for your local network (192.*) don’t use a proxy for everything else go use the one in -H